Antivirus Software Reaches Its Limit: Using AI to Guard against Cyberattacks

Security systems that rely on antivirus software have reached their limits.
Brian Dye, formerly Senior Vice President at Symantec, stated that “Antivirus software is dead.” The reason he gave is that “Antivirus only detects 45 percent of all attacks, leaving us vulnerable to the remaining 55 percent.” Looking forward, security systems that anticipate attacks by unknown malware urgently need to be developed in order to halt the damage.
As cyberattacks become increasingly radical, Artificial Intelligence (AI) will be at the forefront of countermeasures.

War on over One Million New Malware Threats Emerging Every Day

Malware is being produced at steadily increasing rates. Antivirus software vendors react by adding new pattern files to combat recurring malware.
Pattern file updates, however, can no longer keep pace with more than one million new malware samples per day. Under these circumstances, expectations are high for advanced detection technology, including monitoring of internal network communications and AI, to improve detection rates.
While completely stopping intrusions at their points of entry is nearly impossible with current technologies, modern security systems tend to incorporate AI and other advanced measures at entry points, and aim to minimize damage by carefully containing the intrusions.

Finding Targeted Attacks by Malware through Communication Patterns

Targeted attacks using malware characteristically infect one terminal, then spread from that terminal to the next. To deal with these attacks, you need to not only find the source of the infection, but also understand how far it has spread inside the network.
Fujitsu therefore focused on the patterns of communication between the terminals in the internal network, and developed a technology that monitors internal network communications, detects suspicious patterns from infected terminals to targeted ones, and prevents leaks.
Another difficulty in monitoring and analyzing internal network communications is understanding the full extent of the impact when terminals are infected with malware. To solve these problems, Fujitsu has developed Command Level Forensic, a technology that compresses the data storage capacity required for monitoring internal network communications. With this technology, we can know everything, including what was stolen and who sent what, and can suppress collateral damage.
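To illustrate the scoping problem described above (finding how far an infection has spread from its source), the following added example traces time-ordered reachability over internal flow records. It is not Fujitsu's technology or code; the hostnames, timestamps, record layout and the `ADMIN_PORTS` set are assumptions constructed for the example.

```python
# Constructed internal flow records: (epoch_seconds, src, dst, dst_port).
FLOWS = [
    (100, "pc-01", "pc-02", 445),
    (160, "pc-02", "pc-03", 445),
    (150, "pc-04", "pc-05", 445),   # unrelated admin traffic
    (90,  "pc-03", "pc-06", 445),   # happened before pc-03 could be infected
    (200, "pc-03", "pc-07", 3389),
    (210, "pc-07", "fs-01", 445),
    (220, "pc-02", "web-01", 80),   # not a remote-admin port, ignored
]

# Assumption: ports treated here as capable of carrying terminal-to-terminal spread.
ADMIN_PORTS = {135, 445, 3389, 5985}


def trace_spread(flows, patient_zero, t0, ports=ADMIN_PORTS):
    """Return {host: (earliest_possible_infection_time, infected_by)}.

    A terminal can only pass the infection on after it was reached itself,
    so flows are replayed in time order and a flow counts only if its source
    was already reached at that moment.
    """
    reached = {patient_zero: (t0, None)}
    for ts, src, dst, port in sorted(flows):
        if port not in ports or src not in reached:
            continue
        if ts < reached[src][0]:
            continue  # source contacted dst before it was itself infected
        reached.setdefault(dst, (ts, src))  # keep the earliest arrival only
    return reached


def infection_chain(reached, host):
    """Walk the infected_by links back to the first infected terminal."""
    path = []
    while host is not None:
        path.append(host)
        host = reached[host][1]
    return path[::-1]


if __name__ == "__main__":
    scope = trace_spread(FLOWS, "pc-01", 95)
    for host, (ts, parent) in sorted(scope.items(), key=lambda kv: kv[1][0]):
        print(ts, host, "<-", parent)
```

The result is an upper bound on the spread: every listed terminal could have been reached, so each one still needs host-level confirmation.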

AI Reduces False Positive Rate Approx. 30%

The modus operandi of cyberattacks is one of ever-increasing speed. Now that we have reached the limits of human measures, our hope falls on AI. Fujitsu has developed a set of AI technologies based on the concept of “working with people,” and we are beginning to use them in the field of security.
Behind AI is the basic technology of machine learning, which is divided into supervised learning, suitable for detecting known events with high accuracy, and unsupervised learning, also called anomaly detection, which can detect unknown events.

Example of cyberattack detection through learning

Fujitsu developed an unsupervised learning technology for cyberattack detection. It was used in the FUJITSU Cloud Service K5 cyberattack security system, where it successfully extracted, in a short time, new attacks that would previously have taken three months to find manually.
Furthermore, an original new AI technology called Deep Tensor has been developed, which incorporates supervised learning. In fact, when applied to 10,000 communication logs, Deep Tensor reduced false detection rates by approximately 30 percent.
With intensifying cyberattacks, the cost to companies for security measures and labor will rise. In such times, by developing and utilizing AI and other technologies, Fujitsu will eliminate the need for our SEs to go directly to the site of the customer to respond. Instead, we look to incorporate the knowledge to deal with problems into our ICT, offering services at a reasonable price.